html-preview / html-preview.github.io

HTML Preview for git-forge Repositories
https://html-preview.github.io/
Apache License 2.0

Add privacy warning #6

Open Rudxain opened 5 hours ago

Rudxain commented 5 hours ago

If a repo script persistently stores sensitive data (as a cookie, localStorage, etc.), then other repos opened by the user will also have access to this data. This isn't inherently a problem of bypassing CORS, so it should be mentioned as an additional risk (both in the README and the index).

I haven't tested if this "vulnerability" actually works, but I assume it's likely that it can be easily exploited.
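Added example, not part of the original thread or the project's code: a small Node.js model of origin-keyed storage showing why pages from different repos share one storage area when both are rendered under the preview service's origin. The `?url=` preview format, the repo URLs, the `example` hosts and the stored value are constructed assumptions, and the model assumes previewed scripts run in the preview page's own document.

```javascript
// Model of the browser rule: localStorage is keyed by origin
// (scheme + host + port); path and query string are ignored.
class OriginStorage {
  constructor() { this.jars = new Map(); }
  // Return the storage area a script on pageUrl would see.
  forPage(pageUrl) {
    const origin = new URL(pageUrl).origin;
    if (!this.jars.has(origin)) this.jars.set(origin, new Map());
    return this.jars.get(origin);
  }
}

// Constructed sample URLs; the ?url= form is an assumption.
const PREVIEW = 'https://html-preview.github.io/?url=';
const repoA = 'https://github.com/alice/app/blob/main/index.html';
const repoB = 'https://github.com/bob/demo/blob/main/index.html';

// Repo A's script stores a value; report what repo B's script can read,
// first through the preview service, then when each is hosted separately.
function demo() {
  const browser = new OriginStorage();
  browser.forPage(PREVIEW + repoA).set('token', 'constructed-secret');
  const viaPreview = browser.forPage(PREVIEW + repoB).get('token');

  browser.forPage('https://alice.example/app/').set('token', 'constructed-secret');
  const separate = browser.forPage('https://bob.example/demo/').get('token');
  return { viaPreview, separate };
}

// Audit helper: group page URLs by the origin whose storage they share.
function sharedStorageGroups(urls) {
  const groups = new Map();
  for (const u of urls) {
    const origin = new URL(u).origin;
    groups.set(origin, [...(groups.get(origin) || []), u]);
  }
  return groups;
}

console.log(demo());
console.log(sharedStorageGroups([PREVIEW + repoA, PREVIEW + repoB]));
```
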

hoijui commented 2 hours ago

Sorry, I did not get notifications for this repo, even though I created it. :/ (now I do) ... and you can now do this yourself! :-)